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REMARKS 

The present response is inlenclecl to be fully rcs[>onsive to all poinls of rejection raised by the 
lixajiiiaer and is believed to place the application in condition for allowance. Favorable 
reconsideration and allowance of the application is respectfully requested. 

Claims 1-64 are pending in this case. Claims 1-64 have been rejected under 35 U.S.C. § 
l()3(a). Independenv claims 1, 21, 41,61 and 63 and dependent claims 2-3, 8-20, 22-23, 28-30, 35- 
40, 42-43, 48-50, 55-60, 62,64 have been amended. 

With respect to the L;xaminer':> 35 U.S.C. § l()3(a) rejcetions. Applicant has reviewed the 
cited art and respectfully submits that the art fails to disclose or sugjj^est the Applicant's claimed 
invention. Therefore, Applicant respect fully traverses and requests favorable reconsideration. 

Response to 35 Lf.S.C, § 103(a) Reiection^ 

The Examiner rejected claims 1-64 Linder 35 U.S.C. § 103(a) as being unpatentable over IJ.S, 
Patent No. 5,901,225 (^Mreion el al.") in view ofU^S. Patent No. 6,247,168 (''Green). 

While continuing to traverse tlic Lxaminer's rejcetions, Applicain, in order to expedite the 
prosecution, has chosen to clarify and emphasize the crucial distinctions between the present 
invention and the devices of the patents cited by the Examiner. Specifically, claim 1 has been 
amended to include a method of securely downloading and installing a patch program in a plurality 
of computing devices, each computing device having a processor, progiam memory and patch 
memory, the method comprising the steps of encrypting the entire coiUents of the patch program 
using a shared key to generate a first cncrypLed patch program, the shared key being known to a 
plurality of computing devices, transmitting the first encrypted patch program to a plurality of the 
computing devices over a nonsecure communications channel, receiving the first encrypted patch 
program at a computing device, decrypting the first encrypted patch program utilizing the shared key 
to generate a first clear patch progiam, rc-encrypiing the entire contents of the clear patch program 
utilizing a unique key known only to and hardwired into that particular computing device and storing 
a resultant second encrypted patch program in memory, upon subsequent reset, retrieving the second 
encrypted patch program from the memory and decrypting the second encrypted paich program 
utilizing I he unique key to generate a second clear patch program and loading the second clear patch 
program into the patch memory for execution by the computing device. 
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Green teaches a too! tor programming non-volatile memory ihijt is embedded iii the form of 
an object in a programmable controller module to be used to transfer a firmware program to a 
plurality of different modules connected by a common nehvork. The system c\>mprises an 
encryption/decryption program. To update the firmware of a target module, the encryption program 
encrypts the serial number of the target module. The serial number is unique to the target module 
and distinguishes the target module from every other individual module in the entire PLC product 
line. Tlic '^approved'' .serial uumber of the target module is trncryptcd using the encryption key to 
generate an encrypted serial number which is then downloaded to (he proces.sor module, 'llie 
encrypted serial number is decrypted using the key. The decrypted serial number downloaded with 
the patch is compared to the serial number ol the target module. The update h performed only if 
there is a match, 

Ireton et al. teaches a system and method for performing software patches for embedded 
syslem devices in which the firmware resides in non-allerable storage of the device. An encryption 
mechanism is disclosed for increasing the security of the embedded syjsiem comprising the device. 
The patch is encrypted prior to storage in the external tnemory and decrypted as the palch is loaded 
into the device in order to recover the original bil sequence of the patch. 

It is submitted that ihe system of Green uses the unique serial of the module in the encryption 
of the patch before it is downloaded to the module. In this system, the serial number of the target 
module must be supplied to the firmware producer beforehand. The firmware producer then 
encrypts the serial number with a key known to the client (embedded in the client module) for 
transmission to the module. Green does not indicate whether the key used in the encryption of the 
serial number is shared or unique to the requesting module. Further, Green apparently only encrypts 
the serial number of the finnwure and not the contents of the firmware itself. 

In contrast, the scheme of the present invention uses a shared key known to a plurality of 
devices to encrypt the entire contents of the palch program. The encrypted patch program is then 
broadcast to idl or a subset of all the devices. No information unique to any particular device is used 
in preparing the palch program for transmission to the devices as is done by Green. All devices thai 
have knowledge of the shared key c<m receive and decrypt the patch program. The output of the 
decryption step is the original clear palch program. After decryption is complete, the integrity of the 
clear patch program is verified. 

If the verification is successful, the clear patch program is re-encrypted using a unique kev 
which is unique across the entire Kysiems. Each individual computing device is assigned its own 
unique key and is burned (i.e. hardwired) into an integrated circuit (i.e. the processor or associated 
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memory) wilhin the compuling device. The clear paich program is re-encryptcd using the unique 
key associated with that particular computing device and the result is a second encrypted patch 
program. This second encrypted patch program is stored in local non-volatile memory. 

Subsequently, alter each reset (i.e. rebool, startup, power-up, etc.) the second encrypted patch 
program is retrieved from memory and decrypted using the unique key known only to lhat particular 
computing device. This second decryption step generates a second clear patch program which is 
written into Special patch data within the computing device for cxecuUon by the processor The 
advantage of this scheme of the present invention is that at no time is the program patch exposed 
externally with the consequent risk of comprise by hackers, llic re-encryption step is unporiani as 
the number of devices using the same shared key could be large. This is why ihe patch program is 
re-encrypted with the device's unique key since only that device is able to decrypt it in the event it is 
compromised by hacking. Thus it is important to perlorm the two staue encryption/decryption 
process in order to secure the program patch while being stored by each computing device. None of 
these features arc anticipated, taught nor suggested by the Cjrccn reference. 

It is submitted that the method of Ii'eton et al. uses a "one time pad" as a key used in the 
encryplion mechanism. According to heton et ah, the temporary key may generated using 
''ionosphere scattering", a *1)it sequence of software program instructions'' or a string of random 
numbers and used to encrypt a message and is used on a "one lime only" basis to encrypt the 
software. See col. 10, lines 33-39. Further, the method does not indicate whether the key used is 
unique to a particular embedded system or common to many. 

In contrast, the secure download and storage scheme of the present invention is operative to 
re-encrypt the patch program, after decryption by the shared key, using a permanent key that is 
hardwired (i.e. burned) into the processor \C or other chip means of the computing device. This 
unique permanent key is known only to that particular computing device and is never shared with 
any other device. Further, this unique key is repeatedly used for all program patches received by the 
compuling device. This feature is neither taught nor suggested by Ireton et al. 

Applicant respectfully submits thai the Examiner has failed to show that one of ordinary skill 
in the art would have been motivated to modify Iretou et ah in view of Green to arrive at the claimed 
invention because there is no suggestion made by li'cton et al. or Green to use a fiT>it shared key to 
encrypt the patch before transmitting it to a plurality of computing devices and on each individual 
device to use a second unique key to re-encrypt the patch once received and decrypted using the first 
shared key, 
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Applicants suhinil thai (he combination of Irelon et al. and Green would not result in the 
claimed invention. I'he Examiner has improperly combined Ireton ct al. and Green in an atlempt to 
arrive al the claimed invention. The combination suggested by the Examiner fails to teach or 
suggest all the claims limiuuionv;. The combination of Ireton ei aL and Green fails to leach using a 
first shared key to encrypt the patch before transmitting it to a plurality of computing devices and on 
each individual device to UMng a second unique key to re-encrypt the patch once received and 
decrypted using the firsl shared key. 

It is believed thai amended independent claims 1,21, 41 and new independent claims 61, 63 
overcome the Examincr\s § l()3(u) rejection based on the Ireton et al. and Grccn references. 
Because Ireton et al, and (Jreeri do not anticipate or suggest claims 1, 21, 41, 61, 63 us discussed 
abt)ve, then claims 2-20, 22-40, 42-60, 62, 64 are allowable as well. The Examiner is respectfully 
requested to withdraw the rejection based on § 103(a). 

Conclusion 

In view of the above amendments and remarks, it is respectfully submiued that independent 
claims 1, 21, 41,61, 63 and hence dependent claims 2-20, 22-40, 42-60, 62, 64 are now in condition 
for allowance. Prompt notice of allowance is respectfully solicited. 

In light of Ihe Amendments and the arguments set forth above. Applicant earnestly believes 
that they are entitled to a letters patent, and respectively solicit the Fxaminer to expedite prosecution 
of this patent applications to issuance. Should the Examiner have any questions, the Examiner is 
encouraged to telephone the undersigned. 

Customer Number: 25937 RespectfiiUy submitted, 

ZARF.TSKY & ASSOCIATES PC 




ZarelSky & Associates PC 
8753 West Runion Dr 
Peoria AZ 85382-6412 
Tel.: 623-362-2585 



Howard Zanelsky 
Reg. No. 38,669 
Attorney for Appliciints 
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